
Next Generation Spam Zombies Will Use Data Mining

Zonk posted more than 7 years ago | from the hate-these-new-fast-zombies dept.

branewashd writes "The Globe and Mail is covering some new research on the future of spam. The paper 'Spam Zombies from Outer Space', from researchers at the University of Calgary, will be presented on Sunday at the European Institute for Computer Anti-Virus Research conference. According to the paper, the next generation of spam zombies will employ 'sophisticated data mining of their victims' saved email'. When a computer is turned into a spam zombie, it will first be mined of its address book, mail client configuration, and mail archives. Then the spam program will use Natural Language Processing techniques to send spam messages to the victim's contacts that look a lot like messages that the user has previously sent. The researchers predict that this will be extremely hard to detect, but they do offer a few suggestions for combating it."

133 comments

The three forces driving spam (4, Insightful)

chriss (26574) | more than 7 years ago | (#15222785)

Technical advances
Better tricks to fool spam filters, like the examination of text the user has written mentioned in TFA. This is close to impossible to stop; the only way is to try to be faster in developing better anti-spam tools.
Lack of security
Most spam today is sent from captured machines, and in the future these machines will not only be used to send but also to improve spam. This could be helped by better-educated users, better default system security or easier-to-understand security configurations. At least there is hope.
Response
The only reason for all this spam is that it still pays. Even though it is a very small number of people, it is enough to finance the whole illegal business of building botnets, stealing addresses etc. If there was a way to stop people from buying that stuff, the other two points would be irrelevant. Unfortunately this is not going to happen, which is the most frustrating part.

who is buying-when no one is selling (1, Troll)

way2trivial (601132) | more than 7 years ago | (#15222837)

Explain all the dictionary phrase spam, that has no valid message then?

just jumbles of phrases- and nothing advertised?

Re:who is buying-when no one is selling (2, Informative)

Anonymous Coward | more than 7 years ago | (#15222886)

It's being used to disable the Bayesian-style filters that tend to work on keywords. Basically the idea is to flood the filter with a lot of junk messages that give false positives, thus making the filters less effective as the user attempts to tag all these junk messages as spam.

Re:who is buying-when no one is selling (1)

chriss (26574) | more than 7 years ago | (#15222929)

Explain all the dictionary phrase spam, that has no valid message then? just jumbles of phrases- and nothing advertised?

I'm astonished by those all the time. My Thunderbird is throwing out about 2000 mails a day, and I am often confused about those it didn't catch. I could not recognize them as spam either, since they contain no product names, no links, nothing.

But since I believe that nothing that can be explained with stupidity should be explained by conspiracy theories, I assume these are accidents.

Well poisoners... (3, Interesting)

mengel (13619) | more than 7 years ago | (#15222998)

These are attempts to poison word-based Bayesian spam filters.

If you mark enough of these random collections of useful-word messages as spam, your Bayesian spam filter will start filing real, useful email as spam, and you will eventually decide the filter doesn't work and turn it off...

Of course, if you feed your filter just the headers and stuff that actually looks like spam, and not the blocks of random words, it can still learn useful things.

Re:Well poisoners... (2, Interesting)

coaxeus (911103) | more than 7 years ago | (#15223414)

Correct you are. I admin systems that process close to a half million messages a day on average, the vast majority of that is spam. Bayesian classification is one of the 5-10 layers that contributes to a spamassassin score on these systems.
Bayesian is probably the most useful part of the anti-spam system, but also the most annoying to administer because of this poisoning. I can't even count the number of different methods I've tried to keep an accurate bayesian database since the poisoning started, and the number of databases I've had to wipe and start from scratch.
If evolution wasn't broken and stupid people did less breeding and more dying, we wouldn't have the small percentage of idiots that keep spammers in business, or the jackass spammers in the first place.
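The poisoning mengel and coaxeus describe, together with mengel's headers-only mitigation, worked through on a small token-based filter. This is an added example, not code from the thread or from any filter it names: the messages, sender domains and 20-message flood are constructed sample data, and the scorer is a simplified Graham-style filter rather than SpamAssassin's Bayes implementation.

```python
"""Token-based ('Bayesian') spam filter, the word-salad poisoning described in
the thread, and the mitigation mengel suggests (learn only the headers of such
messages, not the block of random words). Added example, not code from the
thread; all messages are constructed and all domains use the reserved .example TLD."""
import re
from collections import Counter

HAM, SPAM = "ham", "spam"

def tokens(sender, body):
    """Feature set: a header token for the sender's domain plus the unique body words."""
    header = {"from:" + sender.split("@", 1)[1]}
    return header | set(re.findall(r"[a-z0-9']+", body.lower()))

class TokenFilter:
    """Simplified Graham-style filter: per-token spam probability from document
    frequencies, combined with the naive-Bayes product rule. Unseen tokens are ignored."""
    THRESHOLD = 0.9

    def __init__(self):
        self.ham, self.spam = Counter(), Counter()
        self.n_ham = self.n_spam = 0

    def learn(self, sender, body, label, use_body=True):
        """Train on one message. With use_body=False only the header token is learned:
        the reported message still counts as spam, but its random words are not taught."""
        feats = tokens(sender, body if use_body else "")
        if label == SPAM:
            self.spam.update(feats)
            self.n_spam += 1
        else:
            self.ham.update(feats)
            self.n_ham += 1

    def spamminess(self, tok):
        """P(spam | token) from spam vs. ham document frequency, clamped to [0.01, 0.99]."""
        h, s = self.ham[tok], self.spam[tok]
        if h + s == 0:
            return None  # never seen in training
        hr = h / self.n_ham if self.n_ham else 0.0
        sr = s / self.n_spam if self.n_spam else 0.0
        return min(0.99, max(0.01, sr / (hr + sr)))

    def spam_probability(self, sender, body):
        probs = [p for p in map(self.spamminess, tokens(sender, body)) if p is not None]
        if not probs:
            return 0.5
        prod = inv = 1.0
        for p in probs:
            prod *= p
            inv *= 1.0 - p
        return prod / (prod + inv)

    def is_spam(self, sender, body):
        return self.spam_probability(sender, body) >= self.THRESHOLD

# Constructed training corpus: the user's own mail and some ordinary spam.
HAM_MAIL = [
    ("alice@work.example", "lunch tomorrow at noon bring the quarterly report"),
    ("alice@work.example", "thanks for the report the budget numbers look fine see you at lunch"),
    ("bob@work.example", "can you send the meeting notes from tuesday the spreadsheet is attached"),
]
SPAM_MAIL = [
    ("deals@pillshop.example", "buy cheap pills now click here"),
    ("promo@pillshop.example", "cheap pills online order now click here"),
    ("win@prizes.example", "free prize click here now winner"),
]
# Constructed word-salad flood: no product, no link, just everyday words that
# also occur in the user's real mail, each message from a fresh sender.
SALAD_WORDS = ["report", "lunch", "the", "for", "budget", "notes",
               "tuesday", "meeting", "spreadsheet", "quarterly"]
SALAD_MAIL = [(f"x{i}@relay{i}.example",
               " ".join(SALAD_WORDS[i % 10:] + SALAD_WORDS[:i % 10]))
              for i in range(20)]
# Held-out messages: a real note from a sender the filter has not seen, and a real spam.
REAL_HAM = ("alice@home.example",
            "are we still on for lunch? i have the report and the budget notes ready")
REAL_SPAM = ("offers@pillshop.example", "cheap pills click here now")

def run_scenario(salad_use_body):
    """Train, then let the user report the 20 word-salad messages as spam, learning either
    their full text (True: the poisoning) or only their headers (False: the mitigation)."""
    f = TokenFilter()
    for sender, body in HAM_MAIL:
        f.learn(sender, body, HAM)
    for sender, body in SPAM_MAIL:
        f.learn(sender, body, SPAM)
    for sender, body in SALAD_MAIL:
        f.learn(sender, body, SPAM, use_body=salad_use_body)
    return {
        "p_report": f.spamminess("report"),      # spamminess of an everyday word
        "ham_score": f.spam_probability(*REAL_HAM),
        "ham_flagged": f.is_spam(*REAL_HAM),
        "spam_flagged": f.is_spam(*REAL_SPAM),
    }

if __name__ == "__main__":
    for mode, use_body in (("poisoned", True), ("mitigated", False)):
        r = run_scenario(use_body)
        print(f"{mode}: P(spam|'report')={r['p_report']:.2f} real mail scored "
              f"{r['ham_score']:.3f} flagged={r['ham_flagged']} spam flagged={r['spam_flagged']}")
```

With the full text learned, "report" goes from 0.01 to about 0.57 spammy and the real note from a new sender scores above the 0.9 threshold; learning only the headers keeps the user's vocabulary clean while the real spam is still caught in both runs.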

Re:Well poisoners... (4, Funny)

chriss (26574) | more than 7 years ago | (#15223483)

If evolution wasn't broken and stupid people did less breeding and more dying ...

I think this would be a universal solution to almost all of mankind's problems.

Re:who is buying-when no one is selling (1)

russ1337 (938915) | more than 7 years ago | (#15223047)

Those that get through are not spam. It's the internet becoming aware and trying to communicate with you. You are the chosen one.

Re:who is buying-when no one is selling (0)

Anonymous Coward | more than 7 years ago | (#15223673)

Fucking Sentients.

The three forces driving aspirin sales. (0)

Anonymous Coward | more than 7 years ago | (#15222863)

"Better tricks to fool spam filters, like the examination of text the user has written mentioned in TFA. This is close to impossible to stop, the only way is to try to be faster in developing better anti spam tools."

Bayesian filters. Now I should point out that while this story is about spam, nothing says that the techniques used will stay confined to spam, e.g. blackmail, identity "borrowing".

Re:The three forces driving spam (0)

Anonymous Coward | more than 7 years ago | (#15222864)

Simple answer: Equate buying things from email spam with terrorism.

Insightful? (-1, Troll)

Anonymous Coward | more than 7 years ago | (#15222866)

Where is the "Tell us something we don't know Karma Whore!" tag?

Re:The three forces driving spam (4, Funny)

Arandir (19206) | more than 7 years ago | (#15223096)

The only reason for all this spam is that it still pays.

Here's the funny thing. Joe will receive a spam that has been carefully constructed as to appear to be coming from his mother. Why the fsck would he believe it? Is he so stupid that he would buy viagra and hoodia from his mother? The answer, unfortunately, is yes...

"Dear Son,

I am so sorry to hear about your injury. Have you considered **Ci@L15**? My arthritis is acting up, I think I will LAST ALL WEEKEND! When will you come down next, because PLEASE THE CHICAS!

Love,
Mum"

That's "insightful", not "funny". (1)

khasim (1285) | more than 7 years ago | (#15223469)

Seriously, since you know Mom wouldn't send you that, it's obvious that Mom's machine has been infected.

So you either go over and fix Mom's machine or (if you're less technically competent) you tell Mom you'll take her computer to one of the computer cleaning companies.

Problem solved. Maybe solved forever if Mom gets a different email client (fix email client exploits) or firewall (fix worms) or some education (maybe fix trojans).

Re:The three forces driving spam (1)

apt142 (574425) | more than 7 years ago | (#15223751)

Great... now I'll get emails from my parents wondering if I'm shy because of my "short gun."

I'm sure they'll write me with their solutions too.

Re:The three forces driving spam (1)

slashname3 (739398) | more than 7 years ago | (#15223263)

The only reason for all this spam is that it still pays.

You have clearly identified the problem. Disrupt the money stream and spam would go away. The best way to disrupt the money stream is at the source, the idiots that actually buy the crap pushed in spam.

How do you stop the idiots from buying spam crap? Easy, send email to all users, those that click on the contents and attempt to buy the bait are identified, tracked down, computers are confiscated, and they are barred from the Internet for life. After this is done a few times the number of people that buy stuff from spam will reach a point that the spammers won't get any money no matter how many messages they send. Choke the money off at the source and the spammers will be forced to find some other way to cheat people.

If this is not implemented then the arms race will continue and it will never end.

Re:The three forces driving spam (1)

IHC Navistar (967161) | more than 7 years ago | (#15223843)

As I commented earlier on spam and adware companies: Flagrant copyright violations of the products that they are offering is the only way to root them out. The only way to get them to come out of the shadows is to try to get you to stop. Once they go to Law Enforcement about it, you can tell them exactly why you are infringing on their 'copyrights'. Like any of the slimy bastards are going to try to get you to stop breaking the law so they can continue to. Another idea would be to punish the individuals who own the target URLs that spam contains. And, the companies that solicit spammers and adware systems should also be punished. Harshly.

I would love to tell a judge that I am violating the SpyFalcon (or whichever trademark that I am infringing on) trademark because the original developer illegally uploaded its adware onto my system.

-----

"You cannot fall off of the floor."-----Trust me, I've tried.

Welcome to the world of tomorrow! (2, Funny)

Anonymous Coward | more than 7 years ago | (#15222794)

Or... the world of 1998? Didn't pretty much all Outlook worms do this?

Re:Welcome to the world of tomorrow! (0)

Anonymous Coward | more than 7 years ago | (#15223044)

... or the world of 1985 - the first IBM VNET virus did almost exactly the same thing ...

I Hope They Don't Know About Weka! (3, Funny)

eldavojohn (898314) | more than 7 years ago | (#15222795)

Damn, I hope they don't abuse the hell out of the Weka Project [waikato.ac.nz] , that's one slick open source engine I've used time and again. It'd be a crying shame to see it put to use of ill repute!
The researchers predict that this will be extremely hard to detect, but they do offer a few suggestions for combating it.
Like what? Capital punishment for spammers?

Re:I Hope They Don't Know About Weka! (1)

TheRaven64 (641858) | more than 7 years ago | (#15223443)

Capital punishment for spammers?

I saw a better suggestion, which is five seconds of community service per email. Let them give back the amount of time to the community that they've taken. Assuming an eight-hour working day, this works out to about six months of community service per million emails.

Where's the revenue? (1)

Bromskloss (750445) | more than 7 years ago | (#15222807)

Then the spam program will use Natural Language Processing techniques to send spam messages to the victim's contacts that look a lot like messages that the user has previously sent.
Do they make money on that? (1. Re-send mail 2. ??? 3. Profit!)?

Re:Where's the revenue? (1)

geoffspear (692508) | more than 7 years ago | (#15222826)

And, more importantly, why didn't I make that revenue when I sent the message in the first place?

Re:Where's the revenue? (0)

Anonymous Coward | more than 7 years ago | (#15222958)

Yes - "Hey there Uncle Jimmy! remember when we were talking about Canada the other week? I just got a great deal on my rx from Canada. Click this website to find the deal".

That is why they will use the natural language. It would look like you were pimping penis pills from Canada to your Uncle.

Not Anytime Soon (1)

the linux geek (799780) | more than 7 years ago | (#15222815)

The spammers don't innovate, they just use existing technology for their own ends. This would definitely qualify as innovation, so it's not going to happen.

Re:Not Anytime Soon (1)

Rydia (556444) | more than 7 years ago | (#15222918)

Past performance does not indicate future returns.

Just that the idea is there, and there's a big market, makes it prudent to get ready for whatever we can reasonably see coming at us.

Re:Not Anytime Soon (1)

Kelson (129150) | more than 7 years ago | (#15223040)

Never underestimate spammers. It may give you a warm and fuzzy feeling to assume that "spammers are stupid," but some of them are surprisingly sophisticated.

One reason we're still in an arms race against spammers is that some of them -- just enough -- have the expertise (or can hire a less than scrupulous developer to provide it) to counteract just about every technological measure we've thrown at them so far.

To assume that spammers are too stupid to work around something is to fall into the trap of being an anti-spam kook [rhyolite.com] .

Spam Zombie? (0, Redundant)

kertong (179136) | more than 7 years ago | (#15222819)

The snippet mentions that the computer must first be "turned into a spam zombie".

What does this exactly entail? Does the computer first have to be compromised? Spyware/spamware installed through a backdoor? I've lightly read through the paper and it does mention that some sort of malware may be present on the victim's machine.

If so, I can't believe the lengths to which spammers will go. This is breaking and entering, rather than just sending bulk unsolicited email.

Re:Spam Zombie? (4, Informative)

Kelson (129150) | more than 7 years ago | (#15222985)

What does this exactly entail? Does the computer first have to be compromised? Spyware/spamware installed through a backdoor? I've lightly read through the paper and it does mention that some sort of malware may be present on the victim's machine.

Yes. This has been standard operating procedure for many spammers for about two years now. Virus, worm, and spyware authors set up backdoors through which compromised computers can be loaded with spam-sending software. Then they sell access to these botnets on the black market. Spammers use software designed to blast out commands to dozens or hundreds of bots sitting in homes, businesses and elsewhere, which then spew their virtual sludge across the internet.

The hardcore spammers effectively have infinite processing power and bandwidth, since they can distribute the load across a botnet, and when the same spam run is coming a few messages at a time from hundreds of IP addresses, it's a lot harder to blacklist by IP. That's why many ISPs have started filtering outgoing SMTP traffic, and why blacklists have cropped up that just block any incoming mail from dynamic IP space.

welcome to #oldnews (0)

Anonymous Coward | more than 7 years ago | (#15222822)

<#oldnews> 1998 called and wants their news back

Re:welcome to #oldnews (4, Funny)

Foobar of Borg (690622) | more than 7 years ago | (#15222931)

1998 called and wants their news back

1990 called and wants their "$YEAR called and wants their $ITEM/CONCEPT back" meme back.

Mod parent up funny please Re:welcome to #oldnews (1)

MrNougat (927651) | more than 7 years ago | (#15222961)

This is the first thing I've read on /. that actually made me laugh instead of just smirking wryly.

Re:welcome to #oldnews (1)

MrNougat (927651) | more than 7 years ago | (#15222986)

1990 called and wants their "$YEAR called and wants their $ITEM/CONCEPT back" meme back.

2005 called and wants their "programmatic variables used as inferences to repetitiveness" back.

Sorry, I had to bandwagon jump.

Re:welcome to #oldnews (2, Funny)

misleb (129952) | more than 7 years ago | (#15223156)

2005 called and wants their "programmatic variables used as inferences to repetitiveness" back.


It is meta-criticisms all the way down.

-matthew

Some will be lucky (2, Funny)

Progman3K (515744) | more than 7 years ago | (#15222824)

There will be some people who will get pop-ups from the zombie virus requesting that they upgrade their machine to be able to run the virus properly.

That's sure to be a dead giveaway...

Re:Some will be lucky (2, Insightful)

winkydink (650484) | more than 7 years ago | (#15222865)

Some measurable percentage of people would still click on it.

Re:Some will be lucky (1)

Kelson (129150) | more than 7 years ago | (#15222996)

Some measurable percentage of people would still click on it.

Many of them without even reading it. "Oh, it's just some confirmation box, let's get it out of the way."

Same reply for all these threads.. (4, Insightful)

brxndxn (461473) | more than 7 years ago | (#15222825)

1. This is Microsoft's fault.. Microsoft should fix their operating system to ask for a password any time a program is installed, registry settings are changed, key files are modified, etc.. Also, 'install on demand' should be eliminated from Internet Explorer. Ever notice how spyware pretty much didn't exist before Microsoft gave the developers complete control over a person's PC? The end user is stupid. The whole premise of Windows assumes that.. So then why did Microsoft decide that the end user should be able to have his system completely compromised with ONE SINGLE GODDAMN FUCKING WRONG CLICK WHEN BROWSING A SHADY SITE?

2. This is the fault of the legal system. Spyware is ALREADY illegal. Congress has talked about making it 'illegaler.' Someone needs to jump forth and realize the moneymaking potential that it is to sue the pants off the incessant spammers.

Again.. 99.9% of spyware problems can be fixed by just running in limited user mode. Ubuntu has the right idea..

Re:Same reply for all these threads.. (1, Interesting)

Anonymous Coward | more than 7 years ago | (#15222955)

Having seen a preview of Windows Vista, Microsoft seems to be heading in the right direction. In Vista, everything you do will run as a "standard user", even if you are an administrator. If you attempt to do something that requires elevated privileges, you will need to go through a system-controlled dialog that confirms this. There are visual cues on these activities that are consistent from the browser through to the end-user applications.

While I'm not a Microsoft advocate, I feel that they are trying to improve the situation.

Re:Same reply for all these threads.. (0)

Anonymous Coward | more than 7 years ago | (#15222987)

Don't blame Microsoft just because you are a moron. If you visit shady sites then you are already too dumb to be alive and deserve what you get.

Re:Same reply for all these threads.. (1)

Siberwulf (921893) | more than 7 years ago | (#15223439)

Microsoft should fix their operating system to ask for a password any time a program is installed, registry settings are changed, key files are modified, etc.

You obviously have no idea how Windows works.

First, you are prompted before running any program from the net. It even prompts you twice, once to confirm to run, a second to confirm publisher info.

Second, if you've ever seen a program like RegMon, you know that registry keys are being changed all the time. I watched the closing of one window and there were 77 writes to the registry. Tell me how willing you are to type in your ultra secure password 77 times.

Mod me down as flamebait here, but blatantly ignorant "OMG FIXX0RZ UR OS!!!" posts are flamebait too, imo.

That said, I'd be stoked to have a way to lock the kernel from editing once I got my system setup.

Ok, but don't agree with your sig (1)

suggsjc (726146) | more than 7 years ago | (#15223460)

We don't necessarily need MORE linux distributions, we need BETTER linux distributions. We also need to get the ones that are out there a little more unified. Things like the Linux Standard Base http://www.freestandards.org/en/LSB [freestandards.org], while not the end-all solution, are a step in the right direction. We don't need boocoos of distros; choice is great, but something like 5-10 GREAT distros would provide good competition yet also unify some of the effort against who you said is the number 1 problem (microsoft).

Off topic a little I know, sorry. Just thought it needed to be said.

From the average college student's computer... (4, Funny)

Qzukk (229616) | more than 7 years ago | (#15222831)

"Hi mom, I'm coming home this weekend, and I'll have a load of laundry. I'll also need some money because I can get P3NNY ST0X GO WILD OVER OTCBB FFFF! and some C1AL1S CHEAP AT HTTP //CHEAPERDR00GZ.MX/ !! Could you just transfer the funds to my account, it's easy to do, just go to 12.51.53.21/htedit/upload/pics/boa_rip/index.htm [bankofamerica.com]!"

OOH! My Turn! (2, Funny)

Rachel Lucid (964267) | more than 7 years ago | (#15222951)

This will make it even more difficult to have an affair!

"Hey Honey!

I hope to see you this weekend. I've increased my pen15! I've made sure the kids are 'spending the night' over at their friend's houses, and my wife's out. Now we'll get to celebrate our anniversary with those new nippl3 clamps I bought you!

Love and V1agra,
Hermie."

How to kill a zombie (2, Informative)

Ohreally_factor (593551) | more than 7 years ago | (#15222833)

The researchers predict that this will be extremely hard to detect, but they do offer a few suggestions for combating it.

You have to destroy its brain, of course [portlandmercury.com] .

Re:How to kill a zombie (1)

Kelson (129150) | more than 7 years ago | (#15223054)

Nah, just the original one. There's no need to go decapitating zombies left and right.

What I want to know is: Why are so many people using Worcestershire Sauce as embalming fluid?

Re:How to kill a zombie (2, Informative)

Anonymous Coward | more than 7 years ago | (#15223174)

I love how a post that consists entirely of a joke referring to the horror movie genre is moderated Informative -- twice -- rather than something more accurate like, I don't know, FUNNY?

Gotta love slashdot.

Data Mining? (2, Interesting)

ericlondaits (32714) | more than 7 years ago | (#15222841)

That doesn't sound like data mining, nor complicated data mining even... just a simple Markov-chain driven text generator would do. Anything more complicated than that wouldn't be data mining either, but rather computer linguistics.

Re:Data Mining? (1)

linvir (970218) | more than 7 years ago | (#15223015)

Yeah, when I read this I thought it meant they'd robotically research me a little to send me better spam. So far I can't even view the text! [linuxvirus.net]

But no, this is pretty boring stuff. Instead of refining their target selection, they're working on increasing their dishonesty technology. Spam programmers are evil.

What piques me about the article... (4, Insightful)

GillBates0 (664202) | more than 7 years ago | (#15222844)

...is that they fail to mention the fact that _most_ (if not all) of these "spam zombies" happen to be Windows based machines. Agreed, most of the machines in the world run Windows, but shouldn't the news article at least mention the fact that the 'zombification' is attributable (most of the time) to Windows vulnerabilities? Don't know if the UCalgary research team mentioned it in their paper.

Re:What piques me about the article... (2, Funny)

Kelson (129150) | more than 7 years ago | (#15223081)

Bonus points for spelling "pique" correctly!

Too bad there's no +1 Good Spelling mod...

Re:What piques me about the article... (1)

cryptoguy (876410) | more than 7 years ago | (#15223187)

This approach could make the vulnerabilities (or lack thereof) in the OS moot. The goal here is to persuade you to give your consent to install software, based on what appears to be a recommendation from a trusted source. (The software might even do exactly what the recommending email says it will do... plus a few undisclosed things.) Once you install it you are owned. So rather than relying on a software vulnerability, it relies on a flaw in the human's trust and verification algorithm.

Re:What piques me about the article... (3, Insightful)

Jakeypants (860350) | more than 7 years ago | (#15223365)

No, the problem isn't Windows vulnerabilities, it's uneducated users. My Windows PC is on all the time, connected to the internet, and it's behind a firewall. It hasn't ever been hit by any of these problems that slashdotters ever claim "just happen" to Windows PCs.

Look at it this way. If Linux was the dominant platform, the issue would still exist. Let's assume for a second that Linux is 100% secure. The user will still see something online that says "Click here for free screensavers!" and guess what, they'll click there for free screensavers. The typical, uneducated user, would run as root all the time and install every piece of trash software they could.

This is a Windows problem because of the users, not because of Windows.

Re:What piques me about the article... (1)

Quintios (594318) | more than 7 years ago | (#15223547)

Ooooo, looks pro-Windows to me. You're gonna get modded down now. :-P

I can see it now... (1)

frosty_tsm (933163) | more than 7 years ago | (#15222846)

With rising concerns about spam and viruses sent by e-mail, we shall return to the days when mail was secure because it was written on paper. Riders on horseback would race across the expansive west with only the worry of Indians and dehydration.

I mean seriously, after scalping the rider would the Indian then send a slightly reworded copy of each letter?

Re:I can see it now... (0)

Anonymous Coward | more than 7 years ago | (#15222914)

No, but if he forwards 10 copies, Bill Gates will mail him a check for 10 bucks

Re:I can see it now... (1)

MysteriousPreacher (702266) | more than 7 years ago | (#15223523)

I thought I'd seen that somewhere before [snopes.com] ..

Hello everybody,

My name is William Hepburn Russell. I have just written up a pony express tracing program that traces everyone to whom this message is forwarded. I am experimenting with this and I need your help. Forward this to everyone you know and if it reaches 1000 people everyone on the list will receive $10 at my expense. Enjoy.

Your friend,
William Hepburn Russell [wikipedia.org]

The best cure for such spam is... (1, Interesting)

Penguinisto (415985) | more than 7 years ago | (#15222851)

...yes, yes - Mac OSX and Linux.

But besides that, maybe an ISP should by default block all but a few outbound ports unless the user requests them specifically (either via a web interface @ the ISP or by phone)?

Or for those who recoil under privacy threats by such a thing, maybe offer a locked-all-to-hell ISP service for $x.00 (web, mail, maybe some game port ranges, and that's it) and a "we'll assume you have a clue about what you're doing" service that leaves ports as they are now for $x+y.00 (nominal enough to scare off the average users, but low enough to prevent gouging and such).

dunno... prolly a bad idea and yes full of holes (technical and otherwise), but an idea nonetheless.

/P

Re:The best cure for such spam is... (1)

corbettw (214229) | more than 7 years ago | (#15223193)

But besides that, maybe an ISP should by default block all but a few outbound ports unless the user requests them specifically (either via a web interface @ the ISP or by phone)?

Two problems with that:

1) While blocking access to port 25 outside of the ISP's network is one thing, you can't block port 80 or 443 (or some others) without seriously disrupting your customers' experience. So you have to let some traffic out. And there's nothing saying a zombie can't be programmed to connect on either of those ports even if it doesn't use HTTP.

2) The real problem is incoming connections. The zombie master has to tell the zombies to do something (sure, they can be set to send spam automatically, but that means every time you have to change the text of your spam to jibe with your active campaigns and affiliate programs you have to own those zombies all over again). And you can't cut off all incoming ports over 1024, because those are used as the client port in an active TCP connection, and there's no real way of knowing which port will be used in a given instance. You can implement stateful filtering, and only allow connections to those ports that have a corresponding connection to an approved port (25,80,443, and probably 21,22, and 23) but that is 1) expensive, and 2) trivial to circumvent (you just have the zombies wake up once a week or once a day, initiate a connection, and download the latest content for their spam).

Blocking zombies at the ISP level is, effectively, never going to happen.

Re:The best cure for such spam is... (1)

Kelson (129150) | more than 7 years ago | (#15223351)

1) While blocking access to port 25 outside of the ISP's network is one thing, you can't block port 80 or 443 (or some others) without seriously disrupting your customers' experience. So you have to let some traffic out. And there's nothing saying a zombie can't be programmed to connect on either of those ports even if it doesn't use HTTP.

Of course, not too many target mail servers are going to be listening for incoming mail on ports 80 and 443. Somewhere along the line, some machine under the spammer's control* is going to have to send the message to port 25 on a machine that isn't under the spammer's control.

A bot could send data to a proxy that runs on a non-standard port, then forwards it on to the target, but that would just add a bottleneck -- and the whole purpose of using botnets is to avoid funnelling the traffic through a small number of easily-blocked servers. They'd have to set up a second botnet of proxies on ISPs that don't filter outbound port 25, at which point the first botnet is completely redundant. Might as well cut out the middle man.

In fact, the only way I can think of to effectively send spam using port 80/443 would be to log into a webmail service and automate the UI. Even then, you'd be subject to whatever filtering or rate limiting Hotmail (or Gmail, or Yahoo, etc.) does on their own outgoing mail.

*Either through direct control (spammer's own box or someone's pwned box) or abuse of resources (open relaying, SMTP-AUTH'ed submission using stolen credentials, etc.) The only exception is if the abused box is also the target.

Re:The best cure for such spam is... (1)

IamTheRealMike (537420) | more than 7 years ago | (#15223226)

Um, why? You don't need root to send mail, and Firefox has had its fair share of instant execution vulnerabilities. You can trivially hook yourself into the shell or session manager on Linux or MacOS X so you are always loaded at startup, and hax0ring Safari to steal encrypted form data is likewise scarily easy.

Techniques like SELinux or AppArmor can stop this but they aren't integrated with most distros, it's still experimental stuff, and MacOS doesn't have anything like it.

So, I don't see any logical reason spambots would not be technically possible on these operating systems. Please enlighten me.

Re:The best cure for such spam is... (1)

Zemplar (764598) | more than 7 years ago | (#15223577)

"But besides that, maybe an ISP should by default block all but a few outbound ports unless the user requests them specifically..."

I certainly don't think ISP's should be the one's responsible for trying to secure the internet. IMHO, ISP's should not block any ports and should only provide connectivity services...all of them.

Where's Mr. Internet (Al Gore) when you need him? We need a law passed that requires anyone connecting to the internet is required to received a state license, and an international license if they wish to use internet outside of their own country. Additionally, I'll startup my own insurance company selling government mandated "internet insurance". And no, *collision* isn't covered!

Anyone found breaking the good Samaritan laws of the internet can be fined (except for speeding) and have their license revoked. BUI (blogging under the influence) is actually encouraged to better increase the quality of most blogs.

Repeat violators will be forced to work the help desk for the world's largest Microsoft-only enterprise.

What if you don't have addresses? (0, Offtopic)

smooth wombat (796938) | more than 7 years ago | (#15222852)

I don't use an email client on my machine. I log into my various email accounts and use the providers web interface. While I do have OE on my system it isn't configured and I've never used it. So I guess I'm not a target.

*sigh* I miss all the fun. No email client to be hijacked, don't have a cell phone to be infected with worms [slashdot.org] and I use Fx to surf so no ActiveX issues to worry about.

Guess there's only one thing left to do: laugh my ass off at everyone else's problems.

That's not data mining. It's just copying data (5, Informative)

etully (158824) | more than 7 years ago | (#15222883)

Pet Peeve: Data mining is about making statistical inferences based on a large group of data and extracting patterns that nobody saw before.
Examining someone's address book, copying an email in the Outbox, and inserting junk in the middle of that is no more than low tech vandalism.

Yeah, but... (1)

DragonWriter (970822) | more than 7 years ago | (#15222948)

...if you call it "low-tech vandalism" rather than "data mining", you don't get to use big shiny buzzwords. So "data mining" it is, even though, well, it isn't.

Re:Yeah, but... (0)

Anonymous Coward | more than 7 years ago | (#15223209)

The authors of the actual paper use the gerund "mining" pretty freely, but (in the quick glance I took) I don't think anything they described rises to the level of "data mining".

-Will Dwinnell
http://will.dwinnell.com/ [dwinnell.com]

Fighting spam (0)

Quxan (968817) | more than 7 years ago | (#15222888)

To me the easiest/most effective way to fight spam is not fighting the people who send spam, but the companies who employ spammers... (no more false positive/negative blocks)
http://www.bluesecurity.com/ [bluesecurity.com] claims to be working like that...

Bring back colonial-era punishment (1)

ColonelPanic (138077) | more than 7 years ago | (#15222925)

Isn't it fun to imagine spammers being sentenced to a couple hours in the stocks in the village square?

Sigh.

Re:Bring back colonial-era punishment (0)

Anonymous Coward | more than 7 years ago | (#15223056)

Yeah, and throw cans of spam at them.

It would let Hormel make up money for the loss of sales due to being associated with junk email.

Needless to say we wouldn't open the cans...

Re:Bring back colonial-era punishment (1)

Kelson (129150) | more than 7 years ago | (#15223238)

Isn't it fun to imagine spammers being sentenced to a couple hours in the stocks in the village square?

Don't you mean sentenced to a couple of hours in the St0cKz?

Re:Bring back colonial-era punishment (0)

Anonymous Coward | more than 7 years ago | (#15223709)

...a couple hours in the stocks...

You misspelled "decades".

their estimates are low (1)

tscheez (71929) | more than 7 years ago | (#15222930)

Research firms figure spam accounts for about 40 per cent of the billions of e-mails sent each day.

It's more like 70-80% as my spam firewall allows 22% of email.

Email for Messaging Only (1)

digitaldc (879047) | more than 7 years ago | (#15222942)

"What we want to do in our research at the University of Calgary is get out of the cycle of just reacting to new problems we see."

Change the spammer's email environment before it changes you.
Have an email option solely for communication and not for commercial transfer or for selling things.
I guess people/business wouldn't go for that.

Data mining huh? (2, Funny)

fish_in_the_c (577259) | more than 7 years ago | (#15222943)

I'm waiting for someone to come up with an expert system/AI that looks for new security exploits and then uses them to spread its own code to other systems. Try filtering that out.

From a practical standpoint... (1, Flamebait)

Null Nihils (965047) | more than 7 years ago | (#15222947)

As much as I would like to see everyone drop all the Windows, Outlook, Internet Explorer crap so we can all move on from things such as spam and worms, I doubt that this is going to happen to any good degree in the next 5 years. But who knows?

What I'm sure will happen, sadly, is that Microsoft will push Vista, and it will contain some half-assed attempts at curbing these horrible, large-scale problems of zombies, worms, etc, etc. How effective these attempts will be (if at all) remains to be seen.

So, the next 5 years will be... interesting. Will Vista do anything to curb the problems which are likely to be exacerbated as described in TFA? (Doubtful.) Will less stupid technologies like Linux and OSX start moving in to actually do something about the sorry state of things? (Also doubtful.)

On the bright side, what I can see in the next 5 years or so, is the older PCs that are sitting in a den somewhere pumping out viruses and spam, dying off as their cheap Dell consumer-grade components go kaput. What these zombie computers are replaced with is what will make the difference. We can always cross our fingers and hope that these computers will be replaced with Linux or OSX. And hope, and hope.

At any rate, I for one do not welcome our outer space spam zombie overlords.

Re:From a practical standpoint... (1)

generic-man (33649) | more than 7 years ago | (#15223020)

Mac OS X: Installer for SketchySharewareApp needs to run a script to determine where it should be installed. Please enter your root password. (PUT HACKING HERE)

Linux: See above in the event that the user wants to install applications outside the walled garden of a distribution's software repository.

I'm not saying that Windows is perfect, but the user represents a very weak link in the security process.

Re:"lol not root!!" != Secure (1)

Lord Bitman (95493) | more than 7 years ago | (#15223256)

it's not even "more secure than what windows does lol!"
By default in linux:
  - Permissions tend to be inherited
  - You tend to do everything as a single "user" with a single set of permissions.
  - Attempting to extend this scheme into something more realistic is, at the very least, non-trivial.

Err thanks guys... (1)

suv4x4 (956391) | more than 7 years ago | (#15223021)

researchers at the University of Calgary, will be presented on Sunday at the European Institute for Computer Anti-Virus Research conference. According to the paper, the next generation of spam zombies will employ 'sophisticated data mining of their victims saved email'.

Nice, so even if most spammers don't have the intelligence or resources to do the research for more sophisticated spamming (beyond finding yet another exploit for IE), a bunch of researchers do it for them and publish the papers.

How helpful of them.

And btw that's happening all the time - researchers publishing papers of the next generation terrorism, virii (with working proof of concepts), spamming, identity theft and so on.

Good, do your research, maybe just don't make it widely available to the people you're claiming you're trying to protect us from.

Oh, really? (4, Funny)

aardvarkjoe (156801) | more than 7 years ago | (#15223045)

Then the spam program will use Natural Language Processing techniques to send spam messages to the victim's contacts that look a lot like messages that the user has previously sent. The researchers predict that this will be extremely hard to detect, but they do offer a few suggestions for combating it.
For instance, before sending someone your credit card number, take a moment to ask yourself whether or not your mother is likely to be offering to sell you penis enlargement pills.

Somehow, I don't think it is going to be difficult to tell the difference, simply because my friends are not trying to peddle things to me.

Yeah really! (1)

suggsjc (726146) | more than 7 years ago | (#15223559)

Maybe not penis enlargement pills, but you could still get these...

Hey, check this site out, just came across it and thought of you [insert spoofed site name]

Or
Hey, did you go to high-school with this guy? [insert spoofed site name]

Then you thought you were going to youtoob or myspace or some other "friendly" site, but you were really getting redirected back to a site that exploits ActiveX, and boom, gotta virus. Maybe not you, since hopefully you're running Firefox, but it's those other 85% that will get it.

Unfortunately this is not new or next generation. (2, Interesting)

eronysis (928181) | more than 7 years ago | (#15223051)

I regularly receive emails of exactly this nature to several addresses I use to deal with shady or poorly managed state agencies. I noticed address mining of this sort at least 16 months ago. I typically know that a given shop will be calling for some sort of aid when I start getting my own emails (slightly modified and links added) back with my own signature attached (once again slightly misspelled).

Sounds like it can pass the Turing Test! (1)

Browzer (17971) | more than 7 years ago | (#15223090)

...at least when compared to the intelligence of an average joe.

If that is the case, now that AI is at least as advanced as the average joe, time to start working on Meta-AI: a computer program able to distinguish between AI and the average joe.

MXSNDR / MXPTR Records (1)

LordOfTheNoobs (949080) | more than 7 years ago | (#15223390)

* Make every sending entity register rDNS MXPTR records that state IPs allowed to send mail for the domain.
* Don't accept mail that doesn't have properly registered rDNS MXPTR entries.
* Profit from ending site spoofing in spam, making the only outlets open relays and subverted real mail servers, which is considerably less than the whole of home systems worldwide

It's easy. It's distributed. It recognizes the frequent difference between Sending and Receiving MTAs. There are no new control structures to deal with, just an extra reverse DNS entry.

1.2.3.4 @example.com
1.2.3.5 @example.com
1.2.3.4 @subdomain.example.com
1.2.3.5 @subdomain.example.com

Re:MXSNDR / MXPTR Records (1)

Kelson (129150) | more than 7 years ago | (#15223676)

MXPTR, SPF, Sender-ID, RMX, whatever, these schemes don't help stop spam -- they help stop (or at least identify) forgery. As it happens, a lot of spam today uses forged sender addresses, so blocking mail that actively fails such a check does stop spam. Experience with SPF has shown us that spammers are perfectly willing to adopt this kind of record and just authorize the entire internet to send for their own domain. (On the plus side, since their SPF record says the domain is correct, you can safely blacklist them by domain.)

As a FUSSP [rhyolite.com], blocking all non-SPF/MXPTR/whatever labeled mail is going to require every single sender in the world to adopt this change before it will be useful. Not what I'd call "easy," by any stretch.
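The MXPTR proposal above and the reply's caveat, as an added example that is not part of either comment: it parses the "IP @domain" records in the format the proposal sketches and evaluates one SMTP transaction against them, then applies a domain blocklist to mail that passes, which is the "blacklist them by domain" step the reply describes. The zone text, the blocklist and the IP addresses are constructed; nothing here queries real DNS.

```python
import ipaddress

# Constructed rDNS "MXPTR" zone in the record format the comment proposes
# ("IP @domain"); not real DNS data. Two hosts send for example.com and its
# subdomain; 198.51.100.7 is a constructed sender that registers its own domain.
MXPTR_ZONE = """
1.2.3.4 @example.com
1.2.3.5 @example.com
1.2.3.4 @subdomain.example.com
1.2.3.5 @subdomain.example.com
198.51.100.7 @bulk.example
"""

# Constructed domain blocklist. A sender that controls its own netblock can
# register valid entries for its own domain, so the check alone proves only that
# the origin is not forged; reputation then has to be applied to the domain.
DOMAIN_BLOCKLIST = {"bulk.example"}

def parse_mxptr(zone_text):
    """Map each sending IP to the set of domains its reverse entries authorize."""
    table = {}
    for line in zone_text.strip().splitlines():
        ip_text, domain = line.split()
        ip = ipaddress.ip_address(ip_text)       # raises on a malformed address
        table.setdefault(ip, set()).add(domain.lstrip("@").lower())
    return table

def mail_from_domain(mail_from):
    """Envelope sender domain, lower-cased; '' for the null sender (bounces)."""
    _local, sep, domain = mail_from.strip("<>").rpartition("@")
    return domain.lower() if sep else ""

def check_mxptr(table, client_ip, mail_from):
    """Return 'none', 'fail', 'pass' or 'blocked' for one SMTP transaction."""
    domain = mail_from_domain(mail_from)
    allowed = table.get(ipaddress.ip_address(client_ip))
    if not allowed:
        return "none"      # no MXPTR entries at all: the proposal rejects these
    if domain not in allowed:
        return "fail"      # the IP has entries, but not for this sender domain
    if domain in DOMAIN_BLOCKLIST:
        return "blocked"   # origin verified, and the domain itself is listed
    return "pass"
```

The null sender used by bounces yields an empty domain and therefore a "fail" here; a production check would need a separate rule (for example, checking the HELO name) for that case.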

Quit checking keywords, check URIs!! (0)

Anonymous Coward | more than 7 years ago | (#15223747)

Oh fer chrissake. RBLs of sending domains, and keyword triggers DON'T WORK anymore. Spam would be useless to the spammer if it didn't send you somewhere to buy something. Don't check for 55,000 spellings of V1&5ra, check the URIs against a good, up to date URI blacklist. Better tools like MailScanner and its use of SpamAssassin have this functionality built in. Use it! /rant